Living in a State of Cyber Insecurity - Advanced Targeted Attacks

Hide details

Aaron Sheridan, Sr. Systems Security Engineer

With the APT attacks in 2011, we have seen cyber criminals penetrate networks seemingly at will. This has been possible because of zero-day, targeted APT attacks utilizing sophisticated malware that infiltrates over multiple stages and multiple vectors like Web and Email.

In this webcast Aaron will discuss the cycle of cyber insecurity and provide key criteria as security professionals investigate next-generation threat protection, including:

Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so they can effectively contain the threat and secure their network.
In interactive this session, you will learn about:
• The key use cases for network forensics
• The typical organization that acquires network forensics technologies
• How FireEye Enterprise Forensics enables the proper response to today’s cyber attacks

FireEye recently released a new report that documents how and why governments around the world are turning to the cyber domain as a cost-effective way to spy on other countries, steal technology, and even wage war.

Whether it’s sensitive military, diplomatic, or economic information, governments depend on the integrity of their data. If that data falls into the wrong hands, the consequences could be severe.

In the wake of two apparent state- and government-sponsored attacks, APT1 and APT28, government agencies must understand why they are in attackers’ crosshairs, what attackers might be seeking, and how they can protect themselves.

Join us for a dynamic discussion with subject matter experts where you will learn:

•What makes your government-related organization an appealing target – whether you’re a political opponent, business, agency or vendor
•Why it’s important to determine who could be planning an attack, their motives, and how they might carry out their goals
•How to assess your level of preparedness and how to protect yourself if you are not ready for this new era of cyber warfare

FireEye recently released a new report “Behind the Syrian Conflict’s Digital Frontlines” that documents a well-executed hacking operation that successfully breached the Syrian opposition.

Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions. This data belonged to the men fighting against Syrian President Bashar al-Assad’s forces as well as media activists, humanitarian aid workers, and others within the opposition located in Syria, the region and beyond.

We have only limited indications about the origins of this threat activity. Our research revealed multiple references to Lebanon both in the course of examining the malware and in the avatar’s social media use. While we do not know who conducted this hacking operation, if this data was acquired by Assad’s forces or their allies it could confer a distinct battlefield advantage.

Join us for a roundtable discussion with subject matter experts where we’ll talk about the details of the report and explore surrounding topics, to include:

• An overview of the conflict in Syria and why cyber-espionage is an increasingly important factor
• An in-depth analysis of a critical breach of the Syrian opposition including an overview of the tools and techniques used by the threat actors

All webinar attendees will receive a free copy of the new Syrian report. Register today!

From Cryptolocker to the Apple iOS vulnerability, there have been numerous high-profile breaches in 2014. With the ever-changing threat landscape and advanced cyber attacks showing no sign of slowing down, organizations need to be prepared as we head into 2015.

Join our live webinar where Bryce Boland, CTO for Asia Pacific at FireEye, will share top, global security predictions and challenges for 2015. In this webinar:
•Find out the top 10 security predictions for 2015 and how they impacts organizations
•Discover the data that drove these predictions
•Learn about key strategies to take a proactive stance against advanced attacks

This week FireEye released a new report called Hacking the Street? FIN4 Likely Playing the Market. This report focuses on a targeted threat group that we call FIN4 (Financially Motivated Group 4), whose tactics are surprisingly low-tech yet insidiously effective at obtaining access to confidential discussions at the highest levels of targeted companies. Our research suggests that FIN4 is likely targeting these companies in order to obtain advance knowledge of “market catalysts,” or events that cause the price of stocks to rise or fall dramatically.

Join us for a roundtable discussion with subject matter experts where we’ll talk about the details of the report and explore surrounding topics, to include:

• A deep dive into FIN4’s tactics and why they are simple yet surprisingly effective
• How FIN4 may be monitoring insider communications for a trading advantage
• Why FIN4 is different from other threat groups FireEye tracks
• A profile of organizations at risk, and what they can do to protect themselves.

All webinar attendees will receive a complimentary copy of the Hacking the Street? report.

FireEye just released a report called APT28: A Window Into Russia's Cyber Espionage Operations? The report focuses on a targeted threat group that we call APT28 (Advanced Persistent Threat group 28) and details ongoing, focused operations that we believe indicate a government sponsor - most likely the Russian government.

Join us for a roundtable discussion with Russian security expert, Edward Lucas of The Economist, and Jen Weedon, Manager of Threat Intelligence at FireEye.

The cyber threat landscape is dramatically evolving, but one thing is certain – attackers are becoming more and more sophisticated, and most organizations are struggling to keep pace. In a recent IANS and FireEye survey, security practitioners and decision makers share their perspective on the type of attackers they’re dealing with, how they’re responding to the growing threat, and the effect on organizations that have experienced a breach.

Join FireEye’s Chief Security Strategist (Forensics Group) Josh Goldfarb, and Dave Shackleford, IANS Lead Faculty, as they discuss:
•The kinds of products and controls most organizations are implementing
•What new technologies security teams are focusing on, and
•How security budgets are changing to align with security’s growing importance to the enterprise

In this webinar, our experts will present one practical case of such attacks called "Sidewinder Targeted Attack." It targets victims by intercepting location information reported from ad libs, which can be used to locate targeted areas such as a CEO's office or some specific conference rooms. When the target is identified, "Sidewinder Targeted Attack" exploits popular vulnerabilities in ad libs, such as JavaScript-binding-over-HTTP or dynamic-loading-over-HTTP.

Join us for this for this live session to learn:
•How a Sidewinder Targeted Attack can disrupt and hijack the network where targeted victims reside
•The risks of remote attacks on Android devices through apps downloaded from Google Play
•Different forms of attacks to Android vulnerabilities
•Current trends and best practices around mobile security

Taking on security needs at a new organization can be complicated as you learn what’s currently in place, where the gaps are and the best way to drive change in your new organization. Get helpful guidance, beyond the technical details, from an experienced change agent.

This talk will discuss some of the ways in which security can be approached as a business process, rather than as an enigma, including:

•Your first 30 days: fame and foibles when taking over a new
security program
•Gauging your business executives: how to talk with senior
business leaders and classify their responses to security in order
to make your relationship more effective
•Show me the money: how to review a security budget and quickly
match it up against your new organization's risk profile
•Finding strategic partners: a litmus test for discussions with key
vendors to figure out who to trust and who is selling you a bridge

Threat actors’ tactics and motivations are evolving. Successful security teams continuously adapt to anticipate new tactics. That means adopting new approaches. Join us for this webinar, where we share FireEye’s point of view about how organizations can implement adaptive defense strategies that position them to detect, analyze and respond to security incidents of all kinds.

FireEye’s CTO, Dave Merkel, will discuss how security teams can reduce the time to detect and resolve security incidents.

Current IPS products are deficient for lots of reasons—they’re signature-based, unable to detect modern threats, and, they create excessive alerts that require additional resources to manage. Using an outdated protection model results in distracting false positives and a lack of actionable threat intelligence. Organizations need a holistic view of multi-vector attacks that goes well beyond what conventional IPS tools offer.

Join FireEye for this brief webinar and discover a new approach to IPS. You’ll quickly realize how you can save your organization time, money, and reduce your exposure to the threats lurking out there.

Join us for this webinar where we’ll share our latest intelligence and recommend how healthcare, pharmaceutical and medical device manufacturers can protect themselves from attackers that target these industries.

In this webinar we will cover:
• Which threat actors target these industries?
• What information do they typically steal?
• What type of tools and tactics do attackers use to gain access?
• What can we expect from these threat actors in the coming year?
• How can organizations protect themselves from the attackers that
are targeting them?

• What is an intelligence-led defense?
• What is “adversary intel”? Where do you get it and how can you
act on it?
• What is “attribution” and how important is it?
• What intel should a security organization maintain internally? How
should it supplement this with 3rd party intel?
• What is the right balance between detection-based intel and
adversary intel

Are you building another Maginot Line? France’s famed border defense was hailed as a military marvel in the run-up to World War II — and quickly rendered useless by new blitzkrieg-style warfare. In much the same way, many common cybersecurity tools are not stopping today’s attacks.
In a first-of-its-kind study, we analyzed data from 1,216 organizations in 63 countries across more than 20 industries. FireEye sits behind other layers in the typical defense-in-depth architecture. That placement offers a unique vantage point to observe them in action.

Here’s what we found:
•97% of organizations were breached, even with multiple security layers.
•More than one-fourth of all organizations experienced events consistent with advance persistent threat (APT) attacks.
•Three fourths of organizations had active command-and-control communications.
•Even after an organization was breached, attackers attempted to compromise the typical organization more than once per week (1.6 times) on average.

Join us in a live briefing to discuss these findings and what they mean for your cyber defense plan.

Cyber security experts suggest that it’s likely your organization’s data has already been breached. So rather than asking “what if?”, it’s time to ask “now what?”. Hackers use spear phishing and malware to target your trusted insiders, and then leverage stolen credentials to navigate the company network and gain access to the data center. Your data center is the ultimate goal for these attacks because it contains a concentration of sensitive data, as well as critical business applications.

This session will discuss a risk-based approach to protecting critical files, databases, and sensitive applications from compromised users. Join us to learn how to minimize downtime, save time, and keep your employees productive during the remediation process. We will also discuss how to track and analyze user activity once malware is detected.

In this presentation we will cover how to use war-gaming to improve capabilities to respond to an attack across business functions. Too often, organizations leave response planning until a serious attack has occurred. With serious cyber breaches occurring more frequently and now impacting almost every major business function, a lack of effective planning can severely impact the ability of the business to respond.

We will cover how cyber-security operating models will need to evolve, what best practice war gaming and incident response looks like, as well as approaches for developing a war gaming program.

When you think of “event data”, chances are good that you think of SIEM. If so, you may be missing out on much of the value of your logs for detecting, investigating and responding to security events.

Based on extensive real-world experience with large organizations, the Enterprise Security Monitoring (ESM) philosophy extends current host-, network- and event-based collection strategies, bringing data from all three domains under one roof for a unified view of what’s going on inside your organization.

This will be a very interactive session, with plenty of audience interaction. We welcome the tough questions. Come learn about a better way of fully leveraging the data you are already collecting to better protect your organization!